Practice, practice, practice!!!

You don’t have to create the theme, just replace the dll. All the theme does is set the unc path to load the dll, none of the payloads are inside the theme

@@ippsec got it

Honestly I don’t know, that’s why I said if it happens try it again. The exploit itself is a race condition, so I guess it could happen at different parts of the exploitation

Did you reboot after disabling the service?

@@ippsec it worked the second time. Thanks, bro! I had to change in the properties to disable before rebooting, in the service for server.

I was just moving a function to the bottom, didn't type anything.

Hard to answer without knowing what part you are referring to. However, I generally do a lot of things "the long way" because it is more flexible. When something doesn't work you'll have a better idea to why it didn't work versus if you just ran a script to do a lot of things for you.

@@ippsec in my opinion: If you make things too complicated for someone, you may overwhelm the person and frustrate progress. However, if someone wants to do something more complicated, they will always have the opportunity to come back to it or investigate the problem again in the future with another point of view. Regards !

@@albertcorzo It would really help if you pointed out what part you thought was overcomplicated. I agree with your sentimate but I am thinking you are refering to the foothold with generating a malicious theme, if not then the rant below is irrelevant. If you are saying the complicated part was not just using a POC that was on github to do it, I would say yes it could frusterate them and halt progress. But if they just ran the script that did the exploit for them, I would call that false progress and eventually be harmful to them long term. By that I mean, I don't think there is any benefit in people learning to exploit the windows aero theme itself. If you're idea of hacking is just building a catalog of scripts to run when you see $x, IMO you aren't learning the right way and waste a lot of time doing something that isn't scalable. So instead of teaching the windows aero exploit, I'm trying to show what DLL Injection is and how it can be applicable to various things.

It’s not over complicated when you understand what’s going on. Usually this is the best way to understand things better. It’s no different then learning how to drive a commercial truck, anyone can learn how to hold the steering wheel but learning what’s under the hood makes you a better driver

@@lrmarquez80 If you check other videos or the hackthebox walkthrough most of the times it's easier to understand if we are talking about a insane machine i can understand you can do something more difficult to understand but for a middle level, more straight more easy, because the people it's getting concepts and this people it's just beginners, but that's my opinion

No